While I wait for Hotmail to sort its life out making email inaccessible, plus that it’s 5am, it seemed like a good time to get another little job off my list, so here are some thoughts I’ve had about this site.
Having done some work with Joomla, which was fun while it lasted, it was the release of WordPress 3.x that caused me to look again at this blogging tool.
Looking to create a website to host my travel adventures some years ago, WordPress was a contender but was found to be less than cohesive in its earlier incarnation. Now it boasts features that make it a proper CMS application, with great ease and support from its community.
With the demise of Concept9 in its earlier incarnations I wanted something new to play with, besides which, putting your website together from scratch just looks like re-inventing the wheel for no real gain. It’s probably already been done, is out there, and it seems life is too short to start building mud huts when the world is ready to offer you steel and concrete.
About the install
A new database was created using phpMyAdmin via my hosting provider’s control panel. With the database created on one of 18 servers, the required information was gathered together – username, password, hostname, IP address.
Using SSH to the host for the website, I first recreated the install media on my local machine to upload it as a single ZIP file. This was due to WordPress wanting to install into a subfolder called wordpress, and therefore my site’s URL became concept9.co.uk/wordpress/index.html and I didn’t want that. I wanted it to run straight from the web address. WordPress may offer a way to change this during the installation, but as I had addressed this from my tar.zip file, it was not necessary for me to find out – but it is something I need to be aware of when doing future upgrades.
The SSH shell was used with the usual tar -xzvf latest.tar.gz command to start the unzip process.
With the installation done, fed with the required database information and a successful connection, the first thing after logging in was to create a new user.
There are two things you need to know to hack an account: a username and a password. If you use your admin account for posting all your posts, then it is revealed as the author of the posts, and so you have just given away half of the information required to begin a hack. The hacker just needs a valid password for that account.
Also, any well-known standard username is insecure, since it’s known by anyone and his dog who has installed WordPress that it will be ‘admin’. In the same way, simply leaving the database name as wp_ is also weak, since that is ‘the standard’ a WordPress database name will be.
Using something else adds another step. It may be nothing more than an extra padlock to your shed, but then, we’re always surprised by how much value ends up where we hadn’t thought about it being worth very much. It’s really your time and effort you’re protecting.
It’s another step for you to worry about when you come to do your ‘upgrade’ and you can’t find the details of what you called the database. Actually that is not such a problem, since you can always have a look through phpMyAdmin and see what databases you have before running the upgrade. It’s only a little effort in the right direction and it’s nothing really to worry about, just good administration practice.
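The checks described above can be run as a small audit. This is an added example, not code from this site or from WordPress: it reads the `$table_prefix` setting from wp-config.php (where WordPress keeps the wp_ default) and a user list using the wp_users columns user_login, display_name and user_nicename. The sample config, the user rows, and the simplified `role` and `posts` fields are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'c9_blog');
$table_prefix = 'wp_';
"""
# Constructed user export; "role" and "posts" are simplified, assumed fields.
SAMPLE_USERS = [
    {"user_login": "admin", "display_name": "admin", "user_nicename": "admin",
     "role": "administrator", "posts": 12},
    {"user_login": "k7-editor", "display_name": "Travel Notes",
     "user_nicename": "travel-notes", "role": "author", "posts": 4},
    {"user_login": "siteowner", "display_name": "Site Owner",
     "user_nicename": "siteowner", "role": "administrator", "posts": 0},
]

def table_prefix(config_text):
    """Return the $table_prefix value from wp-config.php text, or None."""
    m = re.search(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""",
                  config_text, re.M)
    return m.group(2) if m else None

def audit(config_text, users):
    """Return a sorted list of (subject, finding) tuples."""
    findings = []
    if table_prefix(config_text) == "wp_":
        findings.append(("wp-config.php", "default table prefix wp_"))
    for u in users:
        login = u["user_login"].lower()
        if login == "admin":
            findings.append((u["user_login"], "well-known default login name"))
        # A byline or author slug equal to the login shows the login to readers.
        public = {u["display_name"].lower(), u["user_nicename"].lower()}
        if u["posts"] > 0 and login in public:
            findings.append((u["user_login"], "login name visible as post author"))
        if u["role"] == "administrator" and u["posts"] > 0:
            findings.append((u["user_login"], "administrator account used for posting"))
    return sorted(findings)

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_WP_CONFIG, SAMPLE_USERS):
        print(f"{subject}: {finding}")
```

The separate posting account with its own display name (k7-editor in the sample) produces no findings, which is the setup the paragraphs above recommend.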
The opportunity to change the face of your WordPress site beckons. It’s fun with PHP and CSS time once again.
Clearly I’ll be looking to see how the process of WordPress works, its WordPress loop system, I believe it’s called, while the ‘themes’ are stored at least by name in the root of the CSS file. I expect to write something about this too.